@mininglamp-oss/cc-channel-octo 1.0.3-dev.4ca07a0 → 1.0.3-dev.6063f4d

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,49 @@
1
+ /**
2
+ * P2-C: GROUP.md write-back tool — an in-process MCP server letting the agent
3
+ * persist an updated GROUP.md back to the server. The tool surfaces to the model
4
+ * as `mcp__group_md__update_group_md`.
5
+ *
6
+ * The server is built PER TURN (`createGroupMdToolServer`) with the current
7
+ * message's channel coords + the bot owner uid, so:
8
+ * - the write targets the PARENT group of the channel the agent is in
9
+ * (`extractParentGroupNo` — a thread shares its parent group's GROUP.md);
10
+ * - invocation is GATED to the bot owner (registerBot.owner_uid). The group's
11
+ * octo_tag token has server-side write permission, but the agent is driven by
12
+ * untrusted IM users, so this owner gate — not LLM judgment, and independent
13
+ * of the token's group-role permission — is what stops a prompt-injected
14
+ * agent from rewriting the operator's trusted GROUP.md from any chat.
15
+ *
16
+ * Concurrency, the byte ceiling, and the cache refresh are owned by the shared
17
+ * {@link GroupMdWriteback} coordinator (group-md-writeback.ts); this layer is
18
+ * only the owner-gate policy + the MCP surface.
19
+ */
20
+ import { z } from 'zod';
21
+ import { type GroupMdWriteback } from './group-md-writeback.js';
22
+ /** MCP server name; the tool surfaces as `mcp__group_md__update_group_md`. */
23
+ export declare const GROUP_MD_TOOL_SERVER_NAME = "group_md";
24
+ /** Raw coords of the session invoking the tool — gates the call + targets the group. */
25
+ export interface GroupMdSessionCoords {
26
+ /** Full channelId (may be a `<groupNo>____<shortId>` thread composite). */
27
+ channelId: string;
28
+ fromUid: string;
29
+ fromName?: string;
30
+ }
31
+ /** Shared deps the tool needs to perform a write-back. */
32
+ export interface GroupMdToolDeps {
33
+ writeback: GroupMdWriteback;
34
+ apiUrl: string;
35
+ botToken: string;
36
+ }
37
+ /**
38
+ * Build the GROUP.md tool DEFINITIONS for one agent turn. Exported separately
39
+ * from the server so tests can invoke the handler directly. `coords` targets the
40
+ * group + supplies the caller uid; `ownerUid` is the owner gate.
41
+ */
42
+ export declare function buildGroupMdTools(deps: GroupMdToolDeps, coords: GroupMdSessionCoords, ownerUid: string): import("@anthropic-ai/claude-agent-sdk").SdkMcpToolDefinition<{
43
+ content: z.ZodString;
44
+ }>[];
45
+ /**
46
+ * Build the GROUP.md write-back MCP server for one agent turn. `coords` targets
47
+ * the group + supplies the caller uid; `ownerUid` is the owner gate.
48
+ */
49
+ export declare function createGroupMdToolServer(deps: GroupMdToolDeps, coords: GroupMdSessionCoords, ownerUid: string): import("@anthropic-ai/claude-agent-sdk").McpSdkServerConfigWithInstance;
@@ -0,0 +1,95 @@
1
+ /**
2
+ * P2-C: GROUP.md write-back tool — an in-process MCP server letting the agent
3
+ * persist an updated GROUP.md back to the server. The tool surfaces to the model
4
+ * as `mcp__group_md__update_group_md`.
5
+ *
6
+ * The server is built PER TURN (`createGroupMdToolServer`) with the current
7
+ * message's channel coords + the bot owner uid, so:
8
+ * - the write targets the PARENT group of the channel the agent is in
9
+ * (`extractParentGroupNo` — a thread shares its parent group's GROUP.md);
10
+ * - invocation is GATED to the bot owner (registerBot.owner_uid). The group's
11
+ * octo_tag token has server-side write permission, but the agent is driven by
12
+ * untrusted IM users, so this owner gate — not LLM judgment, and independent
13
+ * of the token's group-role permission — is what stops a prompt-injected
14
+ * agent from rewriting the operator's trusted GROUP.md from any chat.
15
+ *
16
+ * Concurrency, the byte ceiling, and the cache refresh are owned by the shared
17
+ * {@link GroupMdWriteback} coordinator (group-md-writeback.ts); this layer is
18
+ * only the owner-gate policy + the MCP surface.
19
+ */
20
+ import { z } from 'zod';
21
+ import { createSdkMcpServer, tool } from '@anthropic-ai/claude-agent-sdk';
22
+ import { extractParentGroupNo } from './octo/channel-id.js';
23
+ import { GroupMdContentTooLargeError, MAX_GROUP_MD_CONTENT_BYTES, } from './group-md-writeback.js';
24
+ /** MCP server name; the tool surfaces as `mcp__group_md__update_group_md`. */
25
+ export const GROUP_MD_TOOL_SERVER_NAME = 'group_md';
26
+ function jsonResult(value) {
27
+ return { content: [{ type: 'text', text: JSON.stringify(value, null, 2) }] };
28
+ }
29
+ function errResult(msg) {
30
+ return { content: [{ type: 'text', text: `Error: ${msg}` }], isError: true };
31
+ }
32
+ /**
33
+ * Build the GROUP.md tool DEFINITIONS for one agent turn. Exported separately
34
+ * from the server so tests can invoke the handler directly. `coords` targets the
35
+ * group + supplies the caller uid; `ownerUid` is the owner gate.
36
+ */
37
+ export function buildGroupMdTools(deps, coords, ownerUid) {
38
+ const isOwner = coords.fromUid === ownerUid && ownerUid !== '';
39
+ return [
40
+ tool('update_group_md', 'Persist new GROUP.md content for THIS group on the server (it becomes the ' +
41
+ "group's trusted operator instructions on the next turn). `content` is the " +
42
+ 'FULL replacement document, not a diff. Hard limit: 10240 bytes UTF-8. Only ' +
43
+ 'the bot owner may call this; a non-owner request is rejected. Last write ' +
44
+ 'wins server-side — compose the complete updated document, do not assume a ' +
45
+ 'concurrent edit merged.', {
46
+ content: z
47
+ .string()
48
+ .describe('Full replacement GROUP.md document (≤10240 bytes UTF-8).'),
49
+ }, async (args) => {
50
+ try {
51
+ if (!isOwner) {
52
+ return errResult('Only the bot owner can update GROUP.md.');
53
+ }
54
+ const groupNo = extractParentGroupNo(coords.channelId);
55
+ if (!groupNo) {
56
+ return errResult('Could not resolve a group number from this channel.');
57
+ }
58
+ // Surface a friendly over-limit message before the coordinator throws
59
+ // (it re-checks as the authoritative boundary; this is just for UX).
60
+ const bytes = Buffer.byteLength(args.content, 'utf-8');
61
+ if (bytes > MAX_GROUP_MD_CONTENT_BYTES) {
62
+ return errResult(`content is ${bytes} bytes, over the ${MAX_GROUP_MD_CONTENT_BYTES}-byte ` +
63
+ `UTF-8 limit — trim it before writing (the server would reject it).`);
64
+ }
65
+ const res = await deps.writeback.writeBack({
66
+ apiUrl: deps.apiUrl,
67
+ botToken: deps.botToken,
68
+ groupNo,
69
+ content: args.content,
70
+ });
71
+ return jsonResult({
72
+ updated: { groupNo: res.groupNo, version: res.version, bytes: res.bytes },
73
+ });
74
+ }
75
+ catch (err) {
76
+ if (err instanceof GroupMdContentTooLargeError) {
77
+ return errResult(`content is ${err.bytes} bytes, over the ${MAX_GROUP_MD_CONTENT_BYTES}-byte UTF-8 limit.`);
78
+ }
79
+ return errResult(err instanceof Error ? err.message : String(err));
80
+ }
81
+ }),
82
+ ];
83
+ }
84
+ /**
85
+ * Build the GROUP.md write-back MCP server for one agent turn. `coords` targets
86
+ * the group + supplies the caller uid; `ownerUid` is the owner gate.
87
+ */
88
+ export function createGroupMdToolServer(deps, coords, ownerUid) {
89
+ return createSdkMcpServer({
90
+ name: GROUP_MD_TOOL_SERVER_NAME,
91
+ version: '1.0.0',
92
+ tools: buildGroupMdTools(deps, coords, ownerUid),
93
+ });
94
+ }
95
+ //# sourceMappingURL=group-md-tool.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"group-md-tool.js","sourceRoot":"","sources":["../src/group-md-tool.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,MAAM,gCAAgC,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EACL,2BAA2B,EAC3B,0BAA0B,GAE3B,MAAM,yBAAyB,CAAC;AAEjC,8EAA8E;AAC9E,MAAM,CAAC,MAAM,yBAAyB,GAAG,UAAU,CAAC;AAiBpD,SAAS,UAAU,CAAC,KAAc;IAChC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;AAC/E,CAAC;AACD,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,EAAE,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC/E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,IAAqB,EACrB,MAA4B,EAC5B,QAAgB;IAEhB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,KAAK,QAAQ,IAAI,QAAQ,KAAK,EAAE,CAAC;IAE/D,OAAO;QACL,IAAI,CACF,iBAAiB,EACjB,4EAA4E;YAC1E,4EAA4E;YAC5E,6EAA6E;YAC7E,2EAA2E;YAC3E,4EAA4E;YAC5E,yBAAyB,EAC3B;YACE,OAAO,EAAE,CAAC;iBACP,MAAM,EAAE;iBACR,QAAQ,CAAC,0DAA0D,CAAC;SACxE,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;YACb,IAAI,CAAC;gBACH,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,SAAS,CAAC,yCAAyC,CAAC,CAAC;gBAC9D,CAAC;gBACD,MAAM,OAAO,GAAG,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBACvD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,SAAS,CAAC,qDAAqD,CAAC,CAAC;gBAC1E,CAAC;gBACD,sEAAsE;gBACtE,qEAAqE;gBACrE,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACvD,IAAI,KAAK,GAAG,0BAA0B,EAAE,CAAC;oBACvC,OAAO,SAAS,CACd,cAAc,KAAK,oBAAoB,0BAA0B,QAAQ;wBACvE,oEAAoE,CACvE,CAAC;gBACJ,CAAC;gBACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;oBACzC,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO;oBACP,OAAO,EAAE,IAAI,CAAC,OAAO;iBACtB,CAAC,CAAC;gBACH,OAAO,UAAU,CAAC;oBAChB,OAAO,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE;iBAC1E,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,GAAG,YAAY,2BAA2B,EAAE,CAAC;oBAC/C,OAAO,SAAS,CACd,cAAc,GAAG,CAAC,KAAK,oBAAoB,0BAA0B,oBAAoB,CAC1F,CAAC;gBACJ,CAAC;gBACD,OAAO,SAAS,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACrE,CAAC;QACH,CAAC,CACF;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CACrC,IAAqB,EACrB,MAA4B,EAC5B,QAAgB;IAEhB,OAAO,kBAAkB,CAAC;QACxB,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,OAAO;QAChB,KAAK,EAAE,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;KACjD,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,97 @@
1
+ /**
2
+ * GROUP.md write-back (P2-C): the app-layer coordinator that persists an
3
+ * agent-authored GROUP.md back to the server (PUT /v1/bot/groups/{groupNo}/md)
4
+ * via A's `updateGroupMd` client, then refreshes A's in-memory cache so the next
5
+ * resolve does not TTL-refetch a stale copy.
6
+ *
7
+ * Two server-contract facts (XIN-201, measured — NOT inferred) shape this:
8
+ *
9
+ * 1. content has a HARD ≤10240-byte (UTF-8) limit; the server answers an
10
+ * oversized body with 400 err.server.bot_api.content_too_large. We reject
11
+ * locally BEFORE the PUT so a too-large write never reaches the server.
12
+ *
13
+ * 2. `version` is a server-side monotonic counter and the PUT does NOT do
14
+ * compare-and-swap (last-write-wins, no CAS). Concurrent writers therefore
15
+ * silently clobber each other server-side. We cannot fix a foreign writer
16
+ * (operator console, another gateway), but we CAN guarantee that this
17
+ * gateway never races itself: all write-backs for the same groupNo are
18
+ * serialized through a per-groupNo promise-chain lock, so the read-modify-
19
+ * write (PUT + cache update) for one call completes before the next starts.
20
+ * Cross-source last-write-wins remains possible by design — see the caveat
21
+ * on {@link GroupMdWriteback}.
22
+ *
23
+ * Owner-gating lives in the MCP tool layer (group-md-tool.ts), not here: this
24
+ * module is the mechanism, the tool is the policy boundary.
25
+ *
26
+ * Never persists anything to disk — the cache it updates is the same in-memory-
27
+ * only cache A's resolver reads (group-md-cache.ts), so this introduces no new
28
+ * durable-trust surface.
29
+ */
30
+ import { updateGroupMd } from './octo/api.js';
31
+ import type { GroupMdCache } from './group-md-cache.js';
32
+ /**
33
+ * Hard UTF-8 byte ceiling for GROUP.md content, per the XIN-201 measured
34
+ * server contract. A body above this is rejected locally (a server PUT would
35
+ * answer 400 err.server.bot_api.content_too_large).
36
+ */
37
+ export declare const MAX_GROUP_MD_CONTENT_BYTES = 10240;
38
+ /** Thrown when content exceeds {@link MAX_GROUP_MD_CONTENT_BYTES}. */
39
+ export declare class GroupMdContentTooLargeError extends Error {
40
+ readonly bytes: number;
41
+ constructor(bytes: number);
42
+ }
43
+ /** The `updateGroupMd` client signature, injectable for testing. */
44
+ export type UpdateGroupMdFn = typeof updateGroupMd;
45
+ /** Outcome of a successful write-back. */
46
+ export interface GroupMdWriteResult {
47
+ groupNo: string;
48
+ /** Server-assigned version after the PUT. */
49
+ version: number;
50
+ /** UTF-8 byte length of the content that was written. */
51
+ bytes: number;
52
+ }
53
+ export interface GroupMdWriteParams {
54
+ apiUrl: string;
55
+ botToken: string;
56
+ groupNo: string;
57
+ content: string;
58
+ signal?: AbortSignal;
59
+ }
60
+ /**
61
+ * Serializes GROUP.md write-backs per groupNo and keeps A's cache in sync.
62
+ *
63
+ * Constructed ONCE per bot (alongside the GroupMdCache it updates) and shared
64
+ * across turns, so the per-groupNo lock actually spans concurrent agent turns —
65
+ * a per-turn instance would defeat the lock. The MCP tool server (built per
66
+ * turn) borrows this shared instance.
67
+ *
68
+ * CAVEAT (documented per XIN-201 item 4): the lock only covers THIS gateway. A
69
+ * write from another source (operator console, a second gateway process) is not
70
+ * coordinated and, because the server has no CAS, last-write-wins across sources
71
+ * — that is an accepted limitation, not a bug.
72
+ */
73
+ export declare class GroupMdWriteback {
74
+ private readonly cache;
75
+ /** Injectable PUT client (defaults to the real octo client). */
76
+ private readonly updateFn;
77
+ /** Tail of the in-flight write chain per groupNo (serializes same-key writes). */
78
+ private readonly tails;
79
+ constructor(cache: GroupMdCache,
80
+ /** Injectable PUT client (defaults to the real octo client). */
81
+ updateFn?: UpdateGroupMdFn);
82
+ /**
83
+ * Run `fn` after every previously-queued op for `key` has settled, so bodies
84
+ * for the same key never overlap. Different keys run independently. `fn`'s
85
+ * rejection is surfaced to its own caller; the chain tail swallows it so a
86
+ * failed write does not wedge later writes.
87
+ */
88
+ private withLock;
89
+ /**
90
+ * Persist `content` as the group's GROUP.md and refresh the cache.
91
+ *
92
+ * Rejects with {@link GroupMdContentTooLargeError} (before any server call)
93
+ * when content exceeds the UTF-8 byte limit; propagates the client error when
94
+ * the PUT itself fails (cache is left untouched in that case).
95
+ */
96
+ writeBack(params: GroupMdWriteParams): Promise<GroupMdWriteResult>;
97
+ }
@@ -0,0 +1,118 @@
1
+ /**
2
+ * GROUP.md write-back (P2-C): the app-layer coordinator that persists an
3
+ * agent-authored GROUP.md back to the server (PUT /v1/bot/groups/{groupNo}/md)
4
+ * via A's `updateGroupMd` client, then refreshes A's in-memory cache so the next
5
+ * resolve does not TTL-refetch a stale copy.
6
+ *
7
+ * Two server-contract facts (XIN-201, measured — NOT inferred) shape this:
8
+ *
9
+ * 1. content has a HARD ≤10240-byte (UTF-8) limit; the server answers an
10
+ * oversized body with 400 err.server.bot_api.content_too_large. We reject
11
+ * locally BEFORE the PUT so a too-large write never reaches the server.
12
+ *
13
+ * 2. `version` is a server-side monotonic counter and the PUT does NOT do
14
+ * compare-and-swap (last-write-wins, no CAS). Concurrent writers therefore
15
+ * silently clobber each other server-side. We cannot fix a foreign writer
16
+ * (operator console, another gateway), but we CAN guarantee that this
17
+ * gateway never races itself: all write-backs for the same groupNo are
18
+ * serialized through a per-groupNo promise-chain lock, so the read-modify-
19
+ * write (PUT + cache update) for one call completes before the next starts.
20
+ * Cross-source last-write-wins remains possible by design — see the caveat
21
+ * on {@link GroupMdWriteback}.
22
+ *
23
+ * Owner-gating lives in the MCP tool layer (group-md-tool.ts), not here: this
24
+ * module is the mechanism, the tool is the policy boundary.
25
+ *
26
+ * Never persists anything to disk — the cache it updates is the same in-memory-
27
+ * only cache A's resolver reads (group-md-cache.ts), so this introduces no new
28
+ * durable-trust surface.
29
+ */
30
+ import { updateGroupMd } from './octo/api.js';
31
+ /**
32
+ * Hard UTF-8 byte ceiling for GROUP.md content, per the XIN-201 measured
33
+ * server contract. A body above this is rejected locally (a server PUT would
34
+ * answer 400 err.server.bot_api.content_too_large).
35
+ */
36
+ export const MAX_GROUP_MD_CONTENT_BYTES = 10240;
37
+ /** Thrown when content exceeds {@link MAX_GROUP_MD_CONTENT_BYTES}. */
38
+ export class GroupMdContentTooLargeError extends Error {
39
+ bytes;
40
+ constructor(bytes) {
41
+ super(`GROUP.md content is ${bytes} bytes, over the ${MAX_GROUP_MD_CONTENT_BYTES}-byte UTF-8 limit`);
42
+ this.bytes = bytes;
43
+ this.name = 'GroupMdContentTooLargeError';
44
+ }
45
+ }
46
+ /**
47
+ * Serializes GROUP.md write-backs per groupNo and keeps A's cache in sync.
48
+ *
49
+ * Constructed ONCE per bot (alongside the GroupMdCache it updates) and shared
50
+ * across turns, so the per-groupNo lock actually spans concurrent agent turns —
51
+ * a per-turn instance would defeat the lock. The MCP tool server (built per
52
+ * turn) borrows this shared instance.
53
+ *
54
+ * CAVEAT (documented per XIN-201 item 4): the lock only covers THIS gateway. A
55
+ * write from another source (operator console, a second gateway process) is not
56
+ * coordinated and, because the server has no CAS, last-write-wins across sources
57
+ * — that is an accepted limitation, not a bug.
58
+ */
59
+ export class GroupMdWriteback {
60
+ cache;
61
+ updateFn;
62
+ /** Tail of the in-flight write chain per groupNo (serializes same-key writes). */
63
+ tails = new Map();
64
+ constructor(cache,
65
+ /** Injectable PUT client (defaults to the real octo client). */
66
+ updateFn = updateGroupMd) {
67
+ this.cache = cache;
68
+ this.updateFn = updateFn;
69
+ }
70
+ /**
71
+ * Run `fn` after every previously-queued op for `key` has settled, so bodies
72
+ * for the same key never overlap. Different keys run independently. `fn`'s
73
+ * rejection is surfaced to its own caller; the chain tail swallows it so a
74
+ * failed write does not wedge later writes.
75
+ */
76
+ withLock(key, fn) {
77
+ const prev = this.tails.get(key) ?? Promise.resolve();
78
+ const result = prev.then(fn, fn); // run regardless of prior success/failure
79
+ const tail = result.then(() => undefined, () => undefined);
80
+ this.tails.set(key, tail);
81
+ // Best-effort cleanup: drop the key once the queue drains to this tail, so
82
+ // the Map does not grow without bound across many groups.
83
+ tail.then(() => {
84
+ if (this.tails.get(key) === tail)
85
+ this.tails.delete(key);
86
+ });
87
+ return result;
88
+ }
89
+ /**
90
+ * Persist `content` as the group's GROUP.md and refresh the cache.
91
+ *
92
+ * Rejects with {@link GroupMdContentTooLargeError} (before any server call)
93
+ * when content exceeds the UTF-8 byte limit; propagates the client error when
94
+ * the PUT itself fails (cache is left untouched in that case).
95
+ */
96
+ async writeBack(params) {
97
+ const { apiUrl, botToken, groupNo, content, signal } = params;
98
+ const bytes = Buffer.byteLength(content, 'utf-8');
99
+ if (bytes > MAX_GROUP_MD_CONTENT_BYTES) {
100
+ // Reject locally — do NOT hit the server (it would answer 400).
101
+ throw new GroupMdContentTooLargeError(bytes);
102
+ }
103
+ return this.withLock(groupNo, async () => {
104
+ const { version } = await this.updateFn({ apiUrl, botToken, groupNo, content, signal });
105
+ // Write the just-persisted content/version back into A's in-memory cache
106
+ // so the next resolveGroupInstructions serves what we wrote instead of
107
+ // either re-fetching (TTL) or, worse, returning a now-stale cached copy.
108
+ // updated_at is null because the PUT response carries only { version }.
109
+ this.cache.set(groupNo, {
110
+ content,
111
+ version: typeof version === 'number' ? version : 0,
112
+ updated_at: null,
113
+ });
114
+ return { groupNo, version, bytes };
115
+ });
116
+ }
117
+ }
118
+ //# sourceMappingURL=group-md-writeback.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"group-md-writeback.js","sourceRoot":"","sources":["../src/group-md-writeback.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAG9C;;;;GAIG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,KAAK,CAAC;AAEhD,sEAAsE;AACtE,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IACxB;IAA5B,YAA4B,KAAa;QACvC,KAAK,CACH,uBAAuB,KAAK,oBAAoB,0BAA0B,mBAAmB,CAC9F,CAAC;QAHwB,UAAK,GAAL,KAAK,CAAQ;QAIvC,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF;AAsBD;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,gBAAgB;IAKR;IAEA;IANnB,kFAAkF;IACjE,KAAK,GAAG,IAAI,GAAG,EAA4B,CAAC;IAE7D,YACmB,KAAmB;IACpC,gEAAgE;IAC/C,WAA4B,aAAa;QAFzC,UAAK,GAAL,KAAK,CAAc;QAEnB,aAAQ,GAAR,QAAQ,CAAiC;IACzD,CAAC;IAEJ;;;;;OAKG;IACK,QAAQ,CAAI,GAAW,EAAE,EAAoB;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,0CAA0C;QAC5E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CACtB,GAAG,EAAE,CAAC,SAAS,EACf,GAAG,EAAE,CAAC,SAAS,CAChB,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1B,2EAA2E;QAC3E,0DAA0D;QAC1D,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;YACb,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,SAAS,CAAC,MAA0B;QACxC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;QAC9D,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAClD,IAAI,KAAK,GAAG,0BAA0B,EAAE,CAAC;YACvC,gEAAgE;YAChE,MAAM,IAAI,2BAA2B,CAAC,KAAK,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YACvC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;YACxF,yEAAyE;YACzE,uEAAuE;YACvE,yEAAyE;YACzE,wEAAwE;YACxE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE;gBACtB,OAAO;gBACP,OAAO,EAAE,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBAClD,UAAU,EAAE,IAAI;aACjB,CAAC,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}
@@ -1,53 +1,76 @@
1
1
  /**
2
- * GROUP.md resolution (P2-A): server-first fetch with a never-lose local-file
3
- * fallback, behind a feature flag.
2
+ * GROUP.md / THREAD.md resolution: server-first fetch with a never-lose
3
+ * local-file fallback, behind a feature flag.
4
4
  *
5
5
  * `resolveGroupInstructions` is the single entry point the message pipeline
6
- * calls to obtain the trusted per-group instruction block injected into the
7
- * agent's system prompt. Resolution order:
6
+ * calls to obtain the trusted per-conversation instruction block injected into
7
+ * the agent's system prompt.
8
8
  *
9
+ * 🔴 Thread vs group are MUTUALLY EXCLUSIVE (老板拍板口径, #88 P3). The entry
10
+ * point routes on channelId shape:
11
+ * - A thread (`<groupNo>____<shortId>`, CommunityTopic) resolves its OWN
12
+ * THREAD.md only. It NEVER falls back to — nor stacks — the parent group's
13
+ * GROUP.md, and it NEVER reads or writes the group's `groupMdCache` (which
14
+ * is keyed by the parent groupNo). See `resolveThreadInstructions`.
15
+ * - A plain group (`<groupNo>`, no separator) resolves its GROUP.md exactly as
16
+ * before — the group branch below is byte-for-byte the pre-P3 behavior.
17
+ *
18
+ * The bug this fixes (XIN-224): the old resolver collapsed EVERY channelId to
19
+ * its parent groupNo via `extractParentGroupNo`, so with `serverMd` on a thread
20
+ * message was injected the parent group's GROUP.md — violating the redline that
21
+ * a thread injects only its own THREAD.md.
22
+ *
23
+ * Group-branch resolution order (unchanged):
9
24
  * 1. Feature flag OFF (default) or no cache wired → pure local file
10
- * (`loadGroupConfig`). Byte-identical to the pre-P2 behavior, so existing
11
- * local-file deployments are unaffected.
25
+ * (`loadGroupConfig`). Byte-identical to the pre-P2 behavior.
12
26
  * 2. Feature flag ON:
13
27
  * a. serve a cached server GROUP.md if present and not past its TTL (keyed
14
- * by the PARENT group number a thread shares its parent group's
15
- * GROUP.md). The cache is IN-MEMORY ONLY (no disk), so the only way
16
- * content reaches this trusted system-prompt channel is a live,
17
- * authenticated fetch never a forgeable on-disk artifact a chat-
18
- * driven Bash/Write could plant (review #172 🔴; see group-md-cache.ts);
28
+ * by the group number). The cache is IN-MEMORY ONLY (no disk), so the
29
+ * only way content reaches this trusted system-prompt channel is a
30
+ * live, authenticated fetch never a forgeable on-disk artifact
31
+ * (review #172 🔴; see group-md-cache.ts);
19
32
  * b. otherwise fetch from the server (server-first). On success with
20
33
  * non-empty content, cache it and use it;
21
34
  * c. on ANY failure (404 "no GROUP.md", network, timeout, empty content)
22
35
  * fall back to the local file. The local-file path is never lost.
23
36
  *
24
- * Trust: server content stands on its own trust root an authenticated
25
- * `getGroupMd` over the bot token against the SSRF-validated `apiUrl`, server-
26
- * side bot_admin-gated NOT on the OS-permission trust the local `groupConfigDir`
27
- * file relies on. By caching only in memory we never let server content
28
- * masquerade as (or be confused with) a trusted local file on disk.
37
+ * Thread-branch resolution order (P3-1) mirrors the group branch, keyed by the
38
+ * COMPOSITE `<groupNo>::<shortId>` (see `resolveThreadInstructions`), gated on
39
+ * the independent `threadMd` flag; when the flag is off a thread still resolves
40
+ * its local `<shortId>.md` (already the correct non-stacking behavior).
29
41
  *
30
- * Thread routing (P1): a thread channelId is the composite `<groupNo>____<shortId>`.
31
- * The server GROUP.md endpoint is keyed by the parent group number, so we resolve
32
- * it with `extractParentGroupNo` for the API call + cache key (identity for a
33
- * plain group). The local-file fallback still receives the FULL channelId so its
34
- * own thread/short-id routing in `loadGroupConfig` is preserved unchanged.
42
+ * Trust: server content stands on its own trust root — an authenticated
43
+ * `getGroupMd` / `getThreadMd` over the bot token against the SSRF-validated
44
+ * `apiUrl` NOT on the OS-permission trust the local `groupConfigDir` file
45
+ * relies on. By caching only in memory we never let server content masquerade
46
+ * as (or be confused with) a trusted local file on disk.
35
47
  *
36
48
  * Never throws — a server error degrades to local, a local miss degrades to
37
49
  * "no custom instructions".
38
50
  */
39
- import type { GroupMdCache } from './group-md-cache.js';
51
+ import type { GroupMdCache, ThreadMdCache } from './group-md-cache.js';
40
52
  export interface ResolveGroupInstructionsParams {
41
53
  /** Operator local-instruction directory (the existing fallback source). */
42
54
  groupConfigDir?: string;
43
- /** Feature flag: when false/undefined, server fetch is skipped entirely. */
55
+ /** Feature flag: when false/undefined, server GROUP.md fetch is skipped. */
44
56
  serverMd?: boolean;
57
+ /**
58
+ * P3-1 feature flag: when true, a THREAD channel resolves its THREAD.md
59
+ * server-first (GET /v1/bot/groups/{groupNo}/threads/{shortId}/md) before its
60
+ * local `<shortId>.md`. When false/undefined (default) a thread resolves ONLY
61
+ * its local file — which is already the correct non-stacking behavior, so the
62
+ * flag gates the NEW server-read capability, not the bug fix. Independent of
63
+ * `serverMd` (which governs the group server-read path).
64
+ */
65
+ threadMd?: boolean;
45
66
  apiUrl: string;
46
67
  botToken: string;
47
68
  /** Full channelId (may be a `<groupNo>____<shortId>` thread composite). */
48
69
  channelId: string;
49
- /** Server GROUP.md cache. Omitted (or flag off) → pure local file. */
70
+ /** Server GROUP.md cache (group branch). Omitted (or flag off) → pure local. */
50
71
  cache?: GroupMdCache;
72
+ /** Server THREAD.md cache (thread branch). Omitted (or flag off) → pure local. */
73
+ threadCache?: ThreadMdCache;
51
74
  signal?: AbortSignal;
52
75
  }
53
76
  export declare function resolveGroupInstructions(params: ResolveGroupInstructionsParams): Promise<string | undefined>;
package/dist/group-md.js CHANGED
@@ -1,43 +1,55 @@
1
1
  /**
2
- * GROUP.md resolution (P2-A): server-first fetch with a never-lose local-file
3
- * fallback, behind a feature flag.
2
+ * GROUP.md / THREAD.md resolution: server-first fetch with a never-lose
3
+ * local-file fallback, behind a feature flag.
4
4
  *
5
5
  * `resolveGroupInstructions` is the single entry point the message pipeline
6
- * calls to obtain the trusted per-group instruction block injected into the
7
- * agent's system prompt. Resolution order:
6
+ * calls to obtain the trusted per-conversation instruction block injected into
7
+ * the agent's system prompt.
8
8
  *
9
+ * 🔴 Thread vs group are MUTUALLY EXCLUSIVE (老板拍板口径, #88 P3). The entry
10
+ * point routes on channelId shape:
11
+ * - A thread (`<groupNo>____<shortId>`, CommunityTopic) resolves its OWN
12
+ * THREAD.md only. It NEVER falls back to — nor stacks — the parent group's
13
+ * GROUP.md, and it NEVER reads or writes the group's `groupMdCache` (which
14
+ * is keyed by the parent groupNo). See `resolveThreadInstructions`.
15
+ * - A plain group (`<groupNo>`, no separator) resolves its GROUP.md exactly as
16
+ * before — the group branch below is byte-for-byte the pre-P3 behavior.
17
+ *
18
+ * The bug this fixes (XIN-224): the old resolver collapsed EVERY channelId to
19
+ * its parent groupNo via `extractParentGroupNo`, so with `serverMd` on a thread
20
+ * message was injected the parent group's GROUP.md — violating the redline that
21
+ * a thread injects only its own THREAD.md.
22
+ *
23
+ * Group-branch resolution order (unchanged):
9
24
  * 1. Feature flag OFF (default) or no cache wired → pure local file
10
- * (`loadGroupConfig`). Byte-identical to the pre-P2 behavior, so existing
11
- * local-file deployments are unaffected.
25
+ * (`loadGroupConfig`). Byte-identical to the pre-P2 behavior.
12
26
  * 2. Feature flag ON:
13
27
  * a. serve a cached server GROUP.md if present and not past its TTL (keyed
14
- * by the PARENT group number a thread shares its parent group's
15
- * GROUP.md). The cache is IN-MEMORY ONLY (no disk), so the only way
16
- * content reaches this trusted system-prompt channel is a live,
17
- * authenticated fetch never a forgeable on-disk artifact a chat-
18
- * driven Bash/Write could plant (review #172 🔴; see group-md-cache.ts);
28
+ * by the group number). The cache is IN-MEMORY ONLY (no disk), so the
29
+ * only way content reaches this trusted system-prompt channel is a
30
+ * live, authenticated fetch never a forgeable on-disk artifact
31
+ * (review #172 🔴; see group-md-cache.ts);
19
32
  * b. otherwise fetch from the server (server-first). On success with
20
33
  * non-empty content, cache it and use it;
21
34
  * c. on ANY failure (404 "no GROUP.md", network, timeout, empty content)
22
35
  * fall back to the local file. The local-file path is never lost.
23
36
  *
24
- * Trust: server content stands on its own trust root an authenticated
25
- * `getGroupMd` over the bot token against the SSRF-validated `apiUrl`, server-
26
- * side bot_admin-gated NOT on the OS-permission trust the local `groupConfigDir`
27
- * file relies on. By caching only in memory we never let server content
28
- * masquerade as (or be confused with) a trusted local file on disk.
37
+ * Thread-branch resolution order (P3-1) mirrors the group branch, keyed by the
38
+ * COMPOSITE `<groupNo>::<shortId>` (see `resolveThreadInstructions`), gated on
39
+ * the independent `threadMd` flag; when the flag is off a thread still resolves
40
+ * its local `<shortId>.md` (already the correct non-stacking behavior).
29
41
  *
30
- * Thread routing (P1): a thread channelId is the composite `<groupNo>____<shortId>`.
31
- * The server GROUP.md endpoint is keyed by the parent group number, so we resolve
32
- * it with `extractParentGroupNo` for the API call + cache key (identity for a
33
- * plain group). The local-file fallback still receives the FULL channelId so its
34
- * own thread/short-id routing in `loadGroupConfig` is preserved unchanged.
42
+ * Trust: server content stands on its own trust root — an authenticated
43
+ * `getGroupMd` / `getThreadMd` over the bot token against the SSRF-validated
44
+ * `apiUrl` NOT on the OS-permission trust the local `groupConfigDir` file
45
+ * relies on. By caching only in memory we never let server content masquerade
46
+ * as (or be confused with) a trusted local file on disk.
35
47
  *
36
48
  * Never throws — a server error degrades to local, a local miss degrades to
37
49
  * "no custom instructions".
38
50
  */
39
- import { getGroupMd } from './octo/api.js';
40
- import { extractParentGroupNo } from './octo/channel-id.js';
51
+ import { getGroupMd, getThreadMd } from './octo/api.js';
52
+ import { extractParentGroupNo, extractThreadShortId, isThreadChannelId } from './octo/channel-id.js';
41
53
  import { loadGroupConfig, MAX_GROUP_CONFIG_BYTES } from './group-config.js';
42
54
  /**
43
55
  * Trim and byte-bound server-provided GROUP.md the same way loadGroupConfig
@@ -55,6 +67,19 @@ function boundInstructions(content) {
55
67
  return trimmed.length > 0 ? trimmed : undefined;
56
68
  }
57
69
  export async function resolveGroupInstructions(params) {
70
+ // 🔴 Thread and group are mutually exclusive. A thread resolves ONLY its own
71
+ // THREAD.md and must never touch the parent group's GROUP.md nor its cache.
72
+ if (isThreadChannelId(params.channelId)) {
73
+ return resolveThreadInstructions(params);
74
+ }
75
+ return resolveGroupBranch(params);
76
+ }
77
+ /**
78
+ * Plain-group branch — byte-for-byte the pre-P3 `resolveGroupInstructions`
79
+ * behavior (server-first GROUP.md + in-memory cache keyed by groupNo + never-
80
+ * lose local `<groupNo>.md` fallback). Reached only for non-thread channelIds.
81
+ */
82
+ async function resolveGroupBranch(params) {
58
83
  const { groupConfigDir, serverMd, apiUrl, botToken, channelId, cache, signal } = params;
59
84
  const local = () => loadGroupConfig(groupConfigDir, channelId);
60
85
  // Flag off (or no cache to dedupe fetches) → pure local file, unchanged behavior.
@@ -95,4 +120,68 @@ export async function resolveGroupInstructions(params) {
95
120
  return local();
96
121
  }
97
122
  }
123
+ /**
124
+ * Thread branch (P3-1) — resolves a CommunityTopic thread's OWN THREAD.md.
125
+ *
126
+ * 🔴 By construction this branch NEVER reads or writes the group `cache`
127
+ * (keyed by parent groupNo) and NEVER calls `getGroupMd`, so a thread can never
128
+ * be injected — or have cached — its parent group's GROUP.md.
129
+ *
130
+ * Resolution mirrors the group branch, keyed by the COMPOSITE `groupNo::shortId`:
131
+ * - `threadMd` off (or no thread cache) → local `<shortId>.md` only
132
+ * (`loadGroupConfig` is already thread-aware). This is the correct
133
+ * non-stacking behavior even with the new server capability disabled.
134
+ * - `threadMd` on:
135
+ * a. serve a fresh cached THREAD.md (in-memory only, TTL-bounded);
136
+ * b. else server-first `getThreadMd`, cache non-empty content and use it;
137
+ * c. on ANY failure / empty → never-lose local `<shortId>.md` fallback.
138
+ */
139
+ async function resolveThreadInstructions(params) {
140
+ const { groupConfigDir, threadMd, apiUrl, botToken, channelId, threadCache, signal } = params;
141
+ // Local fallback keeps the FULL channelId — loadGroupConfig routes a thread to
142
+ // its own `<shortId>.md`, never the parent group's `<groupNo>.md`.
143
+ const local = () => loadGroupConfig(groupConfigDir, channelId);
144
+ // Flag off (or no thread cache) → pure local `<shortId>.md`. Already correct
145
+ // non-stacking behavior — the flag only gates the server-read capability.
146
+ if (!threadMd || !threadCache)
147
+ return local();
148
+ const groupNo = extractParentGroupNo(channelId);
149
+ const shortId = extractThreadShortId(channelId);
150
+ // A malformed thread channelId (`<groupNo>____` with no shortId) can't be
151
+ // server-keyed — degrade to local rather than fetch a group-scoped path.
152
+ if (!shortId)
153
+ return local();
154
+ // a) fresh cached server THREAD.md wins. Composite-keyed, in-memory only,
155
+ // TTL-bounded (expired → miss → re-fetch below).
156
+ const cached = threadCache.get(groupNo, shortId);
157
+ if (cached) {
158
+ const bounded = boundInstructions(cached.content);
159
+ if (bounded)
160
+ return bounded;
161
+ // Cached-but-empty (shouldn't normally happen) → fall through to local.
162
+ return local();
163
+ }
164
+ // b) server-first fetch of this thread's own THREAD.md.
165
+ try {
166
+ const md = await getThreadMd({ apiUrl, botToken, groupNo, shortId, signal });
167
+ const bounded = boundInstructions(md?.content ?? '');
168
+ if (bounded) {
169
+ const entry = {
170
+ content: md.content,
171
+ version: typeof md.version === 'number' ? md.version : 0,
172
+ updated_at: md.updated_at ?? null,
173
+ updated_by: md.updated_by,
174
+ };
175
+ threadCache.set(groupNo, shortId, entry);
176
+ return bounded;
177
+ }
178
+ // Server reachable but no/empty THREAD.md → local fallback.
179
+ return local();
180
+ }
181
+ catch (err) {
182
+ // c) 404 / network / timeout — never-lose local fallback.
183
+ console.error(`[cc-channel-octo] thread-md: server fetch for ${groupNo}::${shortId} failed, falling back to local: ${String(err)}`);
184
+ return local();
185
+ }
186
+ }
98
187
  //# sourceMappingURL=group-md.js.map